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Appl.No. 09/976,516 

Amendment dated September 27, 2006 

Reply to Office Action of August 14. 2006 

Amendments to the Oaims: 

This listing of claims will replace all prior versions, and listings, of claims in the application: 
Listing of Claims: 

1. (Canceled) 

2. (Previously Presented) The method of claim 9, wherein the interrupting step comprises the 
step of discarding a later data packet from the originator. 

3. (Previously Presented) The method of claim 9, wherein the interrupting step comprises the 
step of sending a command to the upstream router to intercept future data packets from the 
originator. 

4. (Previously Presented) The method of claim 9, wherein the interrupting step comprises the 
step of forwarding an agent to the upstream router, the agent arranged to intercept future data 
packets from the originator. 

5. (Previously Presented)The method of claim 9, wherein the determining step comprises the 
step of checking for a potential presence of at least one of a worm, a virus, and a Trojan horse. 
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6. (Previously Presented) The method of claim 9, wherein the monitoring step comprises at least 
one of the steps of: 

random sampling of a subset of data packets; 
monitoring data packets having a predetermined source address; 
monitoring data packets having a predetermined destination address; and 
monitoring data packets having a predetermined combination of source and destination 
address, 

7. (Previously Presented)The method of claim 9, wherein the determining step comprises the 
steps of: 

detennining that a first data packet is suspicious; and 

in response to determining that the first data packet is suspicious, deciding to monitor 
future data packets having at least one of a source address and a destination address matching, 
respectively, the source address and the destination address of the first data packet 

8. ( Previously Presented) The method of claim 9, wherein the interrupting step comprises the 
step of collaborating with the upstream router to cause the upstream router to update its 
capabilities to detect a potentially harmful data packet. 
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9. (Previously Presented) A method for providing node security in a router of a packet network, 
comprising the steps of: 

monitoring a data packet sent from an originator via the router and addressed to a 
destination device other than the router; 

determining in the router whether the data packet is potentially harmful to the destination 

device; 

intenupting transmission of the data packet in response to determining that the data 
packet is potentially harmful to the destination device, the interrupting further comprising the 
step of conununicating with a second router to cause the second router to interrupt transmission 
of a future data packet; and 

transmitting the data packet in respoase to determining that the data packet is not 
potentially harmful to the destination device, wherein the interrupting step comprises the step of 
collaborating with an upstream router that is not a neighbor of the router to have the upstream 
router block transmissions from the originator. 

10. (Original) The method of claim of 9, wherein the interrupting step further comprises the step 
of identifying the upstream router by sending a command to the originator, the command 
requesting address information from participating routers. 
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11. (Previously Presented) A router for providing node security in a packet network, comprising: 

a plurality of I/O ports for accepting a data packet sent fix)m an originator via the router 
and addressed to a destination device other than the router, and for transmitting the data packet to 
the destination device; and 

a processor coupled to the plurality of I/O ports for processing the data packet; 
wherein the processor is programmed to: 

monitor the data packet; 

determine whether the data packet is potentially harmftil to the destination device; 

interrupt transmission of the data packet in response to determining that the data packet is 
potentially harmful to the destination device, including communicating with a second routw to 
cause the second router to interrupt transmission of a future data packet; and 

transnriit the data packet in response to determining that the data packet is not potentially 
harmful to the destination device, 

wherein the processor is further programmed to collaborate with an upstream router that 
is not a neighbor of the router to have the upstream router block transmissions from the 
originator. 

12. (Previously Presented) The router of claim 1 1 . wherein, in response to determining that the 
data packet is potentially harmful to the destination device, the processor is further programmed 
to discard a later data packet from the originator. 
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13. (Previously Presented) The router of claim 11, wherein, in response to detemrining that the 
data packet is potentiaUy harmful to the destination device, the processor is further programmed 
to send a command to the upstream router to intercept fiiture data packets from the originator. 

14. (Previously Presented) The router of claim 1 1, wherein, in response to determining that the 
data packet is potentiaUy harmful to the destination device, the processor is further programmed 
to forward an agent to the,upstream router, the agent arranged to intercept future data packets 
from the originator. 



15. (Original) The router of claim 11, wherein the processor is further programmed to check for 
a potential presence of at least one of a worm, a virus, and a Trojan horse. 

16. (Original) The router of claim 1 1, wherein the processor is further programmed to at least 
one of: 

random sample a subset of data packets; 
monitor data packets having a predetermined source address; 
monitor data packets having a predetermined destination address; and 
monitor data packets having a predetermined combination of source and destination 
address. 
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17. (Original) The router of claim 11, wherein the processor is further piognunmed, 

in response to determining that a first data packet is suspicious, to decide to monitor future data 
packets having at least one of a source address and a destination address matching, respectively, 
the source address and the destination address of the first data packet. 

18. (Previously Presented) The router of claim 1 1, wherein the processor is further programmed 
to collaborate with the upstream router to cause the upstream'router to update its capabilities to 
detect a potentially haimfiil data packet. 

19. (Canceled) 

20. (Previously Presented) The router of claim 1 1. wherein the processor is fiirther programmed 
to identify the upstream router by sending a command to the originator, the command requesting 
address information from participating routers. 

21, (Canceled) 

22. (Canceled) 
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